There is someone exposing IRGC (Islamic Revolutionary Guard Corps) stuff on GitHub.

I'm not a IRGC geopolitical nerd, so I can't assess the value of the content. However, if you know what the fuck is going on, maybe you'll find it interesting:https://t.co/pGJjysrLXY

— vx-underground (@vxunderground) October 1, 2025

so awesome to see such talented researchers join the Linux kernel space. talk about a quick study. no Linux kernel research background and reproduces a complex state machine bug from just the patch commit in a few days 😅. pretty insane https://t.co/mO7qf0impF

— h0mbre (@h0mbre_) October 1, 2025

If you look at the big picture, Russian subversion v Europe since 2022 has been aimed at coercing Europe to abandon Ukraine & deterring provision of new & better aid. In that sense it has completely failed & is still failing. But this new wave of subversion may also be aimed at… https://t.co/GQcvVLslg4

— Shashank Joshi (@shashj) October 1, 2025

https://t.co/xUXkITOyd1

It interesting but still a v. small subset of TEE implementers would be impacted

— AndrewMohawk⁽ⁿᵘˡˡ⁾ (@AndrewMohawk) October 1, 2025

Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days

William Liu @cor_ctf posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCEhttps://t.co/kqvwX9NbSK pic.twitter.com/EKrpCIETcb

— Linux Kernel Security (@linkersec) October 1, 2025

babe are you ok? it’s already q4 and you’ve barely touched your “2025 roadmap”

— alli (@sonofalli) October 1, 2025

Blog post is out! Come learn about how I analyzed the latest kernelCTF 1-day submission.

This was a vulnerability in the Kernel TLS subsystem. I didn't write a full exploit yet, but @u1f383 already gave me some ideas that I will try to implement soon😅https://t.co/jFcVrwm9NF

— Faith 🇧🇩🇦🇺 (@farazsth98) October 1, 2025

Want to know what happens when commercial TEEs meet improvised DRAM memory interposers? SGX mayhem including attestation key extraction. Please DO try that at home😉. Check out our work at https://t.co/JyvHP48nez pic.twitter.com/6sB93LGeDt

— Daniel Genkin (@DanielGenkin) September 30, 2025

🔥 The next episode of Behind the Binary is here! We're joined by renowned security researcher Hahna Kane Latonick (@hahnakane) for a deep dive into the powerful world where reverse engineering meets data science.

🎧 https://t.co/AkJk1OiVSJ

— Josh Stroschein | The Cyber Yeti (@jstrosch) October 2, 2025

Maybe I’m just dumb, but it feels like half the RCE write-ups I read basically say “if an attacker has root” and then describe the most boring thing you can do from there.

— Zack Korman (@ZackKorman) October 2, 2025

I reported an arbitrary code execution in Unity Runtime, which affects all versions starting from Unity 2017.1.

As the vulnerability can be exploited without specific usage, I strongly encourage developers to patch.

Technical details below:https://t.co/af3d28rXw3

— RyotaK (@ryotkak) October 3, 2025

Debugging the kernel on a Pixel 8 with GDB over serial connectionhttps://t.co/xcqguFkgat

Credits @andreyknvl#cybersecurity pic.twitter.com/Do98LXj65Q

— 0xor0ne (@0xor0ne) October 2, 2025

Golang reverse engineering walkthrough! A challenge we solve with three different approaches: (1) static analysis with IDA, (2) dynamic analysis in a debugger and (3) patching the binary and switching to a desired code path 😎 https://t.co/7PfQNAHiMz pic.twitter.com/Sl9wTnP6bQ

— John Hammond (@_JohnHammond) October 2, 2025

My intern was born in 2007

I have unread emails older than that

— Ash Arora (@asharoraa) October 2, 2025

The Chinese launch thousands of drones from special containers carried by a “transformer” truck.
Currently used by a civilian drone light show company, the concept extrapolates to rapid launches of massive military drone swarms. https://t.co/hwj7iNuxKd pic.twitter.com/W7yFok1DKQ

— Roy🇨🇦 (@GrandpaRoy2) October 2, 2025

PRO TIP: REST is overengineering. Just expose one endpoint called /api that accepts SQL queries directly. pic.twitter.com/7uHSmak7y3

— Shayan (@ImSh4yy) October 2, 2025

You know it’s officially spooky season when the cauldron light comes on pic.twitter.com/HQa0x0PL7U

— Will Rose (@Vermintyfresh) October 2, 2025

Pumpkin (@u1f383) wrote an exploit for this issue! Go check out their blog post 👀

https://t.co/AkoQFtkU4a https://t.co/MpzgYlGrPp

— Faith 🇧🇩🇦🇺 (@farazsth98) October 3, 2025

Anotha week, another VR newsletter 🏴‍☠️📰@NCCGroupInfosec (@_mccaulay, @alexjplaskett) pop a Tesla TCU unit

kCTF 1-day breakdowns from @farazsth98 & @u1f383 @tehjh talks potential remote ASLR leaks

+ Jobs and MORE 👇https://t.co/vaAmZCzGnH

— exploits.club (@exploitsclub) October 3, 2025

we are auditing this clearly vibe-coded app ([AGENT].md files all over) and oh boy the amount of vulnerabilities found are insane.

it's awful that every critical vulnerability like SQLi, SSRF, and command injection shows up in the application.

there are few reasons that model…

— s1r1us (@S1r1u5_) October 3, 2025

❌ Wrong: “Victim must install a malicious app”
✅ Right: “Any 3rd-party app can exploit it”

Legit apps (e.g. Chrome) can be abused as gadgets, turning complex bugs into 1-click exploits. No excuse to leave it unfixed.https://t.co/XXU161QEFY

— Dimitri 0s (@Ch0pin) October 3, 2025

has security gone too far? pic.twitter.com/AgnfSa2U8a

— Matti Palli 🧙‍♂️ (@tritlo) October 3, 2025

Dropped all the username - password combinations recorded in the past 24hrs in a Gist:https://t.co/OMQ34dp9v9

Credentials are Cisco and AnyConnect-themed https://t.co/opjd4g1QuV

— Simo (@SimoKohonen) October 3, 2025

Red teams slip past detection. Defenders adapt. The cycle continues. 🔄

John Wotton's latest on AI gated loaders shows how offensive operators are using LLMs to make shellcode execution context-aware, executing only when OPSEC policies are met. https://t.co/clH1zOhuPb

— SpecterOps (@SpecterOps) October 3, 2025

> be uk government
> uk government says "need to protecc da kidz"
> says discord dangerous
> makes ppl send ids to discord
> discord age verification compromised

lmfao rip united kingdom nerds. its all over

— vx-underground (@vxunderground) October 3, 2025

''GitHub - 0xMarcio/cve: Latest CVEs with their Proof of Concept exploits.''#infosec #pentest #redteam #blueteamhttps://t.co/pWdLoQRWoH

— Florian Hansemann (@CyberWarship) October 3, 2025

There be a bunch to choose from from the list of naughty strings;https://t.co/Zb2VBGsvni

"If you're reading this, you've been in a coma for almost 20 years....Please wake up, we miss you."

— S0AndS0.eth (@S0_And_S0) October 3, 2025

US Resercher shows attackers can eavesdrop with high performance gaming mouse
- Using High perf sensor like PAW3395, 3399(20+K DPI, 4+KHz polling) can detect
- AI can detect and reconstruct the vibrations in voice that occur during conversation pic.twitter.com/iWISWzmTVX

— 포시포시 (@harukaze5719) October 3, 2025

The downside of being heavily dependent on the environment - can be mitigated by using thick desks, mouse pads, etc.

paper: https://t.co/QB61zz1IuZ
[Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors]

— 포시포시 (@harukaze5719) October 3, 2025

https://t.co/o4CGqi5qR0 ← we've just released Paged Out! zine Issue #7https://t.co/ZEuR7WtUAL ← direct linkhttps://t.co/DFuGBWFb4D ← prints for zine collectorshttps://t.co/8VN5hGyEux ← issue wallpaper
Enjoy!

Please please please RT to spread the news - thank you!

— PagedOut (@pagedout_zine) October 4, 2025